mini-beieli.ch prod is now running on onyx...

README.md

@@ -76,6 +76,7 @@ command to check who is banned:
 # dnf install jq
 # dnf install sysstat
 # dnf install lftp
+# dnf install binutils
 ```
 
 ## Setup Mail

minibeieli/minibeieli.yaml

@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/minibeieli/influxdb: z
+    bind-mount-options:/data/minibeieli/redis: z
+    bind-mount-options:/data/minibeieli/lorahandlerdata: z
+    bind-mount-options:/home/containers/onyx_pods/minibeieli/telegraf.conf: z
+    io.kubernetes.cri-o.TTY/minibeieli: "false"
+    io.podman.annotations.autoremove/minibeieli: "FALSE"
+    io.podman.annotations.init/minibeieli: "FALSE"
+    io.podman.annotations.label/minibeieli: type:container_runtime_t
+    io.podman.annotations.privileged/minibeieli: "FALSE"
+    io.podman.annotations.publish-all/minibeieli: "FALSE"
+  labels:
+    app: minibeieli-pod
+  name: minibeieli-pod
+spec:
+  containers:
+  - name: mini-beieli-web
+    image: registry.gitlab.com/drpuur/mini-beieli-web:2022122601
+    env:
+    - name: REDIS_CONNECTION_STRING
+      value: 127.0.0.1:6379
+    - name: INFLUX_URL
+      value: http://127.0.0.1:8086/api/v2/query?org=minibeieliorg
+    - name: INFLUX_RO_TOKEN
+      value: _rsxFfFIwY5zwqEFY7MOLTq89hVpIgWAbyibHjwC_5u4QUGAa2_ZBfWFNSL0PylTsH_nabo8FkKEfHrFf31Sgg==
+    - name: STRIPE_KEY
+      value: sk_live_kYXh8qhsHCpI26qEfmseU5nj
+    - name: STRIPE_PK
+      value: pk_live_G9vgPopd9opsY81AfzguwMrq
+    - name: MAILSERVER_HOST
+      value: mail.nbit.ch
+    ports:
+    - containerPort: 4000
+      hostPort: 9070
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+  - name: mini-beieli-lorahandler
+    image: registry.gitlab.com/drpuur/mini-beieli-lorahandler:2022122601
+    env:
+    - name: REDIS_CONNECTION_STRING
+      value: 127.0.0.1:6379
+    ports:
+    - containerPort: 8080
+      hostPort: 9071
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: lorahandlerdata
+  - name: influxdb
+    image: docker.io/library/influxdb:2.6
+    ports:
+    - containerPort: 8086
+      hostPort: 8086
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /var/lib/influxdb2
+      name: influxdb
+  - name: redis
+    image: docker.io/library/redis:7
+    args: ["--save 60 1", "--loglevel warning"]
+    ports:
+    - containerPort: 5432
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: redis
+  - name: telegraf
+    image: docker.io/library/telegraf:1.25
+    resources: {}
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_AUDIT_WRITE
+    volumeMounts:
+    - mountPath: /data
+      name: lorahandlerdata
+    - mountPath: /etc/telegraf/telegraf.conf
+      name: telegrafconf
+  restartPolicy: Always
+  volumes:
+  - hostPath:
+      path: /data/minibeieli/influxdb
+      type: Directory
+    name: influxdb
+  - hostPath:
+      path: /data/minibeieli/redis
+      type: Directory
+    name: redis
+  - hostPath:
+      path: /data/minibeieli/lorahandlerdata
+      type: Directory
+    name: lorahandlerdata
+  - hostPath:
+      path: /home/containers/onyx_pods/minibeieli/telegraf.conf
+      type: File
+    name: telegrafconf

minibeieli/telegraf.conf

@@ -0,0 +1,31 @@
+[global_tags]
+
+# Configuration for telegraf agent
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 100000
+  collection_jitter = "0s"
+  flush_interval = "10s"
+  flush_jitter = "0s"
+  precision = ""
+  debug = false
+  quiet = false
+  logfile = ""
+  hostname = ""
+  omit_hostname = false
+
+[[inputs.tail]]
+  files = ["/data/mini-beieli-lorahandler.log"]
+  from_beginning = false
+  pipe = false
+  tagexclude = ["path","host"]
+  data_format = "influx"
+
+# Configuration for sending metrics to InfluxDB 2.0
+[[outputs.influxdb_v2]]
+  urls = ["http://127.0.0.1:8086"]
+  token = "3xt2X2djaSgIOD4mK4fHEoL6MvbdxLBiznaZTDjYF0-v-8x_0PQNSOkpzMPBoWWvas_Y3H7yMMhn6OMsU2Pk-A=="
+  organization = "minibeieliorg"
+  bucket = "minibeielibucket"

traefik/configuration/minibeieli.yml

@@ -0,0 +1,35 @@
+http:
+  routers:
+    minibeieli-web:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "mini-beieli.ch"
+            sans: "www.mini-beieli.ch"
+      rule: "Host(`mini-beieli.ch`,`www.mini-beieli.ch`)"
+      service: minibeieli-web
+
+    minibeieli-lorahandler:
+      entrypoints:
+      - websecure
+      tls:
+        certresolver: "myresolver"
+        domains:
+          - main: "mini-beieli.ch"
+            sans: "www.mini-beieli.ch"
+      rule: "Host(`mini-beieli.ch`,`www.mini-beieli.ch`) && PathPrefix(`/lorahandler`)"
+      service: minibeieli-lorahandler
+
+  services:
+    minibeieli-web:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9070/
+        passHostHeader: true
+    minibeieli-lorahandler:
+      loadBalancer:
+        servers:
+        - url: http://127.0.0.1:9071/
+        passHostHeader: true